<?php
// Start (or resume) the PHP session before the shared helpers are loaded.
session_start();

// Presumably this include provides $db_config, get_session_db() and
// user_is_logged(); none of them is declared in this file -- TODO confirm.
// NOTE(review): a path starting with "../" is resolved against the current
// working directory, not against this file's directory.
require_once '../includes/session.php';

// Database handle; it is handed to user_is_logged() later in this script.
$db = get_session_db($db_config);

// Baseline allowlist of sections, defined before any login check runs.
$allowed_sections = ['galleries', 'events'];

// Baseline allowlist of actions, defined before any login check runs.
$allowed_actions = ['view'];

/*
 * Login check: when user_is_logged() returns true, widen the allowlists
 * with the "users" section and the "edit" / "delete" actions.
 *
 * NOTE(review): the original note at this point asked for these entries to
 * be granted when the *administrator* is logged in; the call below only
 * shows a login check, so confirm that user_is_logged() also verifies the
 * admin role.
 * NOTE(review): "edit" and "delete" are selected through $_GET; this script
 * only prints them, but once they change data they would normally be
 * accepted via POST together with a CSRF token.
 */
if (user_is_logged($db)) {
	array_push($allowed_sections, 'users');
	array_push($allowed_actions, 'edit', 'delete');
}
/*
 * Fill in a default for every request parameter that was not supplied.
 * Note that the default id is the integer 0, whereas an id taken from the
 * query string arrives as a string.
 */
$get_defaults = [
	'section' => 'galleries',
	'id'      => 0,
	'action'  => 'view',
];
foreach ($get_defaults as $param => $fallback) {
	if (!isset($_GET[$param])) {
		$_GET[$param] = $fallback;
	}
}

 /*
  * Check that the requested section, id and action are permitted
  */ 
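// Strict comparison: the request value must be a string identical to an
// allowlisted entry, so arrays (?section[]=x) and other types are rejected
// without relying on PHP's loose-comparison rules.
if(!in_array($_GET['section'], $allowed_sections, true)){
	echo "Section non available!";
	exit();
}
// is_numeric() also accepts values such as "1e3", "-5", "1.5" and " 7".
// Accept only a non-negative integer (the default set earlier in this
// script) or a string made solely of ASCII digits.
// NOTE(review): assumes ids are non-negative integers -- confirm.
$id_is_valid = (is_int($_GET['id']) && $_GET['id'] >= 0)
	|| (is_string($_GET['id']) && preg_match('/\A[0-9]+\z/', $_GET['id']) === 1);
if(!$id_is_valid){
	echo "Invalid id!";
	exit();
}
// Same strict allowlist match for the action.
if(!in_array($_GET['action'], $allowed_actions, true)){
	echo "Action non available!";
	exit();
}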



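/*
 * Print the request parameters.
 *
 * The checks earlier in this script restrict these values to allowlisted
 * words and a numeric id. They are still HTML-escaped at the point of
 * output so the page stays safe if those checks are relaxed or the
 * allowlists grow to include other characters.
 */
echo "Section: ".htmlspecialchars((string) $_GET['section'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<br />";
echo "Id: ".htmlspecialchars((string) $_GET['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<br />";
echo "Action: ".htmlspecialchars((string) $_GET['action'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<br />";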

?>
